How does a Smart Card Reader work?

[NAREN]

How does a Smart Card Reader work?

Smart Card Readers are also known as card programmers (because they can write to a card), card terminals, card acceptance device (CAD) or an interface device (IFD). There is a slight difference between the card reader and the terminal. The term 'reader' is generally used to describe a unit that interfaces with a PC for the majority of its processing requirements. In contrast, a 'terminal' is a self-contained processing device.

Smart cards are portable data cards that must communicate with another device to gain access to a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF).
When the smart card and the card reader come into contact, each identifies itself to the other by sending and receiving information. If the messages exchanged do not match, no further processing takes place. So, unlike ordinary bank cards, smart cards can defend themselves against unauthorized users and uses in innovative security measures.

Communicating with a Smart Card Reader

The reader provides a path for your application to send and receive commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all approach to smart card communication.
Each manufacturer provides a different protocol for communication with the reader.
First you have to communicate with the reader.

Second, the reader communicates with the card, acting as the intermediary before sending the data to the card.
Third, communication with a smart card is based on the APDU format. The card will process the data and return it to the reader, which will then return the data to its originating source.

The following classes are used for communicating with the reader:

ISO command classes for communicating with 7816 protocol
Classes for communicating with the reader
Classes for converting data to a manufacturer-specific format

An application for testing and using the cards for an intended and specific purpose

Readers come in many forms, factors and capabilities. The easiest way to describe a reader is by the method of its interface to a PC. Smart card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards and keyboard wedge readers. Card readers are used to read data from - and write data to - the smart card. Readers can easily be integrated into a PC utilizing Windows 98/Me, 2000, or XP platforms. However, some computer systems already come equipped with a built-in smart card reader. Some card readers come with advanced security features such as secure PIN entry, secure display and an integrated fingerprint scanners for the next-generation of multi-layer security and three-factor authentication.

Another difference in reader types is on-board intelligence and capabilities. An extensive price and performance difference exists between an industrial strength reader that supports a wide variety of card protocols and the less expensive win-card reader that only works with microprocessor cards and performs all processing of the data in the PC.

The options in terminal choices are just as varied. Most units have their own operating systems and development tools. They typically support other functions such as magnetic-stripe reading, modem functions and transaction printing.

To process a smart card the computer has to be equipped with a smart card reader possessing the following mandatory features:
Smart Card Interface Standard - ISO 7816 is an international standard that describes the interface requirements for contact-type smart cards. These standards have multiple parts. For instance, part 1, 2 and 3 are applicable to card readers. Part 1 defines the physical characteristics of the card. Part 2 defines dimension and location of smart card chip contacts. Part 3 defines the electronic signals and transmission protocols of the card. Card readers may be referred to as conforming to ISO 7816 1/2/3, or in its simplified term, ISO 7816.

Driver - This refers to the software used by the operating system (OS) of a PC for managing a smart card and applicable card reader. To read a smart ID card, the driver of the card reader must be PC/SC compliant which is supported by most card reader products currently available. It should be noted that different OS would require different drivers. In acquiring card readers, the compatibility between the driver and the OS has to be determined and ensured.

Desirable Features in a Smart Card Reader

Card Contact Types refers to how the contact between a card reader and a smart card is physically made. There are two primary types of contact: landing contact and friction contact (also known as sliding or wiping). For card readers featuring friction contact, the contact part is fixed. The contact wipes on the card surface and the chip when a card is inserted. For card readers featuring the landing type, the contact part is movable. The contact "lands" on the chip after a card is wholly inserted. In general, card readers of the landing type provide better protection to the card than that of the friction type.
Smart card readers are also used as smart card programmers to configure and personalize integrated circuit cards. These programmers not only read data, but also put data into the card memory. This means that not only CPU based smart cards, but also simple memory cards can be programmed using a smart card reader. Of course the card reader must support the appropriate protocol such as the asynchronous T=0, T=1 or synchronous I2C protocols.
It won't take long before smart card readers become an integral part of every computer - and, subsequently, the lives of computer users. Computer systems with keyboards that have smart card reader/writer integration are also available.

Smart card readers are also accessible in the form of USB dongle. USB dongles are frequently used with GSM phones, which contain a SIM smart card. Additionally, phone numbers can be edited on a PC using the USB smart card dongle.

[NAREN]

How does a Magnetic Card Reader work?

A magnetic card is a rectangular plastic object (think credit/debit card) that contains either a magnetic object embedded within the card or a magnetic stripe on the exterior of the card. A magnetic card can store any form of digital data.

The electronic devices designed to read stored information from a magnetic card do so by either swiping the card through a slot in the reading device or holding the card next to a magnetic card reader. About a hundred bytes of information can be stored on a magnetic card.
Because of their extensive use, most magnetic cards employ standards that describe the physical and magnetic characteristics for a magnetic stripe on a plastic card. Specifications for a storage format and information exchange are also defined by these standards.

Before describing how a magnetic card reader works, let's look at how data is stored on a magnetic card and the format of data storage collected.
According to existing standards, a magnetic card stores information in three separate tracks. All three tracks possess different bit densities and encoded character sets. The average bit density of the first track is 210 bits per inch (bpi). A 64-bit character dataset is used to store information in track 1. The characters are made up of six data bits and an odd parity bit. The encoding format grants the least-significant bit to come first and the parity bit, last. So, track one can hold around 79 characters.
The information density of the second and third tracks is around 75 and 210 bpi respectively. Only numeric data can be stored on the second and third track. 4-bit binary encoding is used as a decimal subset with odd parity and it is encoded with the least significant bit first and the parity bit last. The second and third tracks hold 40 and 107 characters respectively. The actual usable data stored will be minimized as the Start Sentinel, End Sentinel, and LRC characters are added.

"Two-Frequency, Coherent Phase Recording" is used for encoding magnetic cards. It is also called as F/2F sampling-encoding. By using combined data and clock bits self-clocking is achieved.

For all 3 tracks, the data storage format is as follows: Leading zero bits are encoded to specify the presence of an encoded magnetic card and provide synchronization pulses to the read head electronics and, ultimately, to the controller. The Start Sentinel character then indicates the initiation of actual data. The coded data follows the Start Sentinel character which is followed by the End Sentinel character. The End Sentinel character terminates the data portion of the card and is followed by an LRC byte (used for error detection). The remaining card is filled by zero bits.
Now that we understand how data is stored on a magnetic card it's a bit easier to build on that foundation to gain an understanding of how the reader actually works.

The magnetic card reader uses a specific component to read data from a magnetic card which is referred to as the read head. The magnetic card reader is a microcontroller-based device. The read heads contain signal amplifiers and line drivers. All modern magnetic read heads contain integrated F/2F bit recovery circuitry and interface with the host controller.

Using good coding techniques, interrupt driven sampling can be used to read and handle the data. Most of the head will read the first and second tracks simultaneously. Some of advanced read heads can read all three tracks simultaneously. Linear conditioning is used for noise reduction and signal conditioning.
The reader also contains an oscillator section which is used to provide the clocks for the recovery section and for the enable/disable timers. The enable/disable counters provide initialization for the recovery section. The recovery section locks onto the data rate and recovers the individual data bits from the data stream.

The magnetic card reader is a microcontroller-based device and has been programmed for a specific application. That program simply reads the card in a forward direction in a simple data format or it can be complex enough to read the card in any direction with a corresponding encoding format.

[NAREN]

How do I determine if I have a valid credit card

Credit cards use the Luhn Check Digit Algorithm. The main purpose of the Luhn Check Digit Algorithm is to catch data entry errors, but it does double duty here as a weak security tool.

The Luhn Check Digit Algorithm

For a card with an even number of digits, double every odd numbered digit (1st digit, 3rd digit, 5th digit, etc...) and subtract 9 if the product is greater than 9. Add up all the even digits (2nd digit, 4th digit, 6th digit, etc...) as well as the doubled-odd digits, and the result must be a multiple of 10 or it's not a valid card. If the card has an odd number of digits, perform the same addition doubling the even numbered digits instead.

For your convenience, we have examples of the Luhn Check Data Algorithm in C and the Luhn Check Data Algorithm in Java.

[NAREN]

What is Smart Card Software?

A smart card contains an integrated circuit (IC) chip containing a central processing unit (CPU), random access memory (RAM) and non-volatile data storage. Data stored in the smart card's microchip can be accessed only through the chip operating system (COS). Smart cards provide a secure, portable platform for "any time, anywhere" computing that can contain and manipulate substantial amounts of data, especially an individual's personal digital identity.

Smart cards are a type of mini computer with an operating system capable of running a variety of applications. JavaCard is a multi-application smart card operating system which provides an API with a set of standard classes through which common java applets can be loaded and executed on the smart card. Java's portability allows smart cards to become a general-purpose computing platform while creating a potentially huge market for application software and development. Due to the increasing demand for smart card applications, businesses and service providers are constantly looking for innovations and applications for available services that could utilize smart card technology.
There are various business interests who provide custom software for smart cards. Smart cards can bring security, convenience and ease-of-use to millions worldwide. With a growing market and technological advances, smart cards can be placed in a wide and growing range of applications from mobile telephony, CRM, rewards programs, as well as the development of next-generation applications and services. Smart cards are playing a growing role in application fields like electronic cash, bill pay, purchase, as well as security and access control.

Contemporary services provided by smart card solutions include:

RFID Tags
Fleet control and management
Student and campus management
Electronic cash (Mondex)
Transportation charge applications
Automatic fare collection applications
Security and access management
Financial services
Affinity programs
Cellular phones
Set-top boxes
Secure network access
Communications applications
Government programs
Information security
Physical access
Transportation
Consumer reward/redemption tracking
Health card
All-purpose student ID card

Other applications of smart cards and JavaCard technology include: mobile communication, mass transit, driving licensing, electronic toll collection, healthcare, information technology, etc...